Chapter 60. security


This chapter describes the commands under the security command.

60.1. security group create

Usage:

openstack security group create [-h] [-f {json,shell,table,value,yaml}]

                                     [-c COLUMN] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--noindent] [--prefix PREFIX]
                                     [--description <description>]
                                     [--project <project>]
                                     [--project-domain <project-domain>]
                                     [--tag <tag> | --no-tag]
                                     <name>
Copy to Clipboard Toggle word wrap

Create a new security group

Expand
Table 60.1. Positional Arguments
ValueSummary

<name>

New security group name

Expand
Table 60.2. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--description <description>

Security group description

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--tag <tag>

Tag to be added to the security group (repeat option to set multiple tags)

--no-tag

No tags associated with the security group

Expand
Table 60.3. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 60.4. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 60.5. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 60.6. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

60.2. security group delete

Usage:

openstack security group delete [-h] <group> [<group> ...]
Copy to Clipboard Toggle word wrap

Delete security group(s)

Expand
Table 60.7. Positional Arguments
ValueSummary

<group>

Security group(s) to delete (name or id)

Expand
Table 60.8. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

60.3. security group list

Usage:

openstack security group list [-h] [-f {csv,json,table,value,yaml}]

                                   [-c COLUMN] [--max-width <integer>]
                                   [--fit-width] [--print-empty]
                                   [--noindent]
                                   [--quote {all,minimal,none,nonnumeric}]
                                   [--sort-column SORT_COLUMN]
                                   [--project <project>]
                                   [--project-domain <project-domain>]
                                   [--tags <tag>[,<tag>,...]]
                                   [--any-tags <tag>[,<tag>,...]]
                                   [--not-tags <tag>[,<tag>,...]]
                                   [--not-any-tags <tag>[,<tag>,...]]
Copy to Clipboard Toggle word wrap

List security groups

Expand
Table 60.9. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--project <project>

List security groups according to the project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--tags <tag>[,<tag>,…​]

List security group which have all given tag(s) (Comma-separated list of tags)

--any-tags <tag>[,<tag>,…​]

List security group which have any given tag(s) (Comma-separated list of tags)

--not-tags <tag>[,<tag>,…​]

Exclude security group which have all given tag(s) (Comma-separated list of tags)

--not-any-tags <tag>[,<tag>,…​]

Exclude security group which have any given tag(s) (Comma-separated list of tags)

Expand
Table 60.10. Output Formatters
ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Expand
Table 60.11. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 60.12. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 60.13. CSV Formatter
ValueSummary

--quote {all,minimal,none,nonnumeric}

when to include quotes, defaults to nonnumeric

60.4. security group rule create

Usage:

openstack security group rule create [-h]

                                          [-f {json,shell,table,value,yaml}]
                                          [-c COLUMN]
                                          [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          [--noindent] [--prefix PREFIX]
                                          [--remote-ip <ip-address> | --remote-group <group>]
                                          [--description <description>]
                                          [--dst-port <port-range>]
                                          [--icmp-type <icmp-type>]
                                          [--icmp-code <icmp-code>]
                                          [--protocol <protocol>]
                                          [--ingress | --egress]
                                          [--ethertype <ethertype>]
                                          [--project <project>]
                                          [--project-domain <project-domain>]
                                          <group>
Copy to Clipboard Toggle word wrap

Create a new security group rule

Expand
Table 60.14. Positional Arguments
ValueSummary

<group>

Create rule in this security group (name or id)

Expand
Table 60.15. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--remote-ip <ip-address>

Remote IP address block (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0)

--remote-group <group>

Remote security group (name or ID)

--description <description>

Set security group rule description

--dst-port <port-range>

Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.

--icmp-type <icmp-type>

ICMP type for ICMP IP protocols

--icmp-code <icmp-code>

ICMP code for ICMP IP protocols

--protocol <protocol>

IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: tcp)

--ingress

Rule applies to incoming network traffic (default)

--egress

Rule applies to outgoing network traffic

--ethertype <ethertype>

Ethertype of network traffic (IPv4, IPv6; default: based on IP protocol)

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

Expand
Table 60.16. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 60.17. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 60.18. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 60.19. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

60.5. security group rule delete

Usage:

openstack security group rule delete [-h] <rule> [<rule> ...]
Copy to Clipboard Toggle word wrap

Delete security group rule(s)

Expand
Table 60.20. Positional Arguments
ValueSummary

<rule>

Security group rule(s) to delete (id only)

Expand
Table 60.21. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

60.6. security group rule list

Usage:

openstack security group rule list [-h]

                                        [-f {csv,json,table,value,yaml}]
                                        [-c COLUMN] [--max-width <integer>]
                                        [--fit-width] [--print-empty]
                                        [--noindent]
                                        [--quote {all,minimal,none,nonnumeric}]
                                        [--sort-column SORT_COLUMN]
                                        [--protocol <protocol>]
                                        [--ingress | --egress] [--long]
                                        [<group>]
Copy to Clipboard Toggle word wrap

List security group rules

Expand
Table 60.22. Positional Arguments
ValueSummary

<group>

List all rules in this security group (name or id)

Expand
Table 60.23. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--protocol <protocol>

List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255]).

--ingress

List rules applied to incoming network traffic

--egress

List rules applied to outgoing network traffic

--long

List additional fields in output

Expand
Table 60.24. Output Formatters
ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Expand
Table 60.25. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 60.26. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 60.27. CSV Formatter
ValueSummary

--quote {all,minimal,none,nonnumeric}

when to include quotes, defaults to nonnumeric

60.7. security group rule show

Usage:

openstack security group rule show [-h]

                                        [-f {json,shell,table,value,yaml}]
                                        [-c COLUMN] [--max-width <integer>]
                                        [--fit-width] [--print-empty]
                                        [--noindent] [--prefix PREFIX]
                                        <rule>
Copy to Clipboard Toggle word wrap

Display security group rule details

Expand
Table 60.28. Positional Arguments
ValueSummary

<rule>

Security group rule to display (id only)

Expand
Table 60.29. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

Expand
Table 60.30. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 60.31. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 60.32. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 60.33. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

60.8. security group set

Usage:

openstack security group set [-h] [--name <new-name>]

                                  [--description <description>]
                                  [--tag <tag>] [--no-tag]
                                  <group>
Copy to Clipboard Toggle word wrap

Set security group properties

Expand
Table 60.34. Positional Arguments
ValueSummary

<group>

Security group to modify (name or id)

Expand
Table 60.35. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--name <new-name>

New security group name

--description <description>

New security group description

--tag <tag>

Tag to be added to the security group (repeat option to set multiple tags)

--no-tag

Clear tags associated with the security group. specify both --tag and --no-tag to overwrite current tags

60.9. security group show

Usage:

openstack security group show [-h] [-f {json,shell,table,value,yaml}]

                                   [-c COLUMN] [--max-width <integer>]
                                   [--fit-width] [--print-empty]
                                   [--noindent] [--prefix PREFIX]
                                   <group>
Copy to Clipboard Toggle word wrap

Display security group details

Expand
Table 60.36. Positional Arguments
ValueSummary

<group>

Security group to display (name or id)

Expand
Table 60.37. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

Expand
Table 60.38. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 60.39. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 60.40. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 60.41. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

60.10. security group unset

Usage:

openstack security group unset [-h] [--tag <tag> | --all-tag] <group>
Copy to Clipboard Toggle word wrap

Unset security group properties

Expand
Table 60.42. Positional Arguments
ValueSummary

<group>

Security group to modify (name or id)

Expand
Table 60.43. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--tag <tag>

Tag to be removed from the security group (repeat option to remove multiple tags)

--all-tag

Clear all tags associated with the security group

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat